I'm using pari-gp to build a small crypto-app. Even though it is a toy
project, I want to do things the right way.

One big concern in cryptography is to wipe any sensitive material from
memory as fast as possible; in particular, the stack should be cleaned
often.

In pari-gp, we have the normal stack and the pari-stack. About the
latter, we know how to free pari-objects via "gerepile"-family
functions; but if these objects contain sensitive material, it is
not zeroed; the memory is free to be reused, but it is not wiped and
the sensitive material could somehow be leaked (perhaps due to a
core dump?).

So, I think a possible solution is to call a burn_paristack() function
every time a critical calculation is done. For example:
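
    #include <strings.h>      /* bzero */
    #include <pari/pari.h>

    void burn_paristack(void)
    {
      pari_sp ltop = avma, st_lim = stack_lim(ltop, 1);
      /* pari_sp values are byte addresses, so the difference is already a
         byte count (what stackmalloc expects); no sizeof scaling needed. */
      size_t st_size = ltop - st_lim;
      char *dump;

      dump = stackmalloc(st_size);  /* claim the free room just below avma */
      bzero(dump, st_size);         /* overwrite it with zeros */
      avma = ltop;                  /* release it again */
    }
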
This way, calling burn_paristack() zeroes half of the available
room in the stack, wiping the information held by the last used
objects.

Did I argue well? Did I miss something? May this scheme be optimized?

TIA
--
Manuel Pancorbo Castro
http://bitakoro.tk/
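
The concern raised above, as an added example that is not part of the original post and does not use PARI's API: a toy downward-growing arena in C (all names hypothetical, secret bytes constructed) showing that restoring the stack pointer leaves the data in place. It also measures how much residue a half-room wipe and a full wipe leave when the released object is larger than half the free room.

```c
#include <stdio.h>
#include <string.h>

/* Toy model of a downward-growing arena (hypothetical names, not PARI's API):
 * live objects sit in [sp, top), free room is [bot, sp); sp plays avma's role. */
#define ARENA_SIZE 4096
static unsigned char arena[ARENA_SIZE];
static unsigned char *const bot = arena;
static unsigned char *sp = arena + ARENA_SIZE;

/* Wipe the n bytes of free room just below sp (clamped to the free room),
 * through a volatile pointer so the stores cannot be dropped as dead. */
static void burn_below(size_t n)
{
    size_t room = (size_t)(sp - bot);
    volatile unsigned char *v;
    if (n > room) n = room;
    for (v = sp - n; n > 0; n--) *v++ = 0;
}

/* Count non-zero bytes left in the free room [bot, sp). */
static size_t residue(void)
{
    size_t n = 0;
    for (const unsigned char *p = bot; p < sp; p++) n += (*p != 0);
    return n;
}

/* Put a constructed secret of len bytes on the arena, release it by restoring
 * sp (as resetting avma does), burn `burn` bytes, return what is still there. */
static size_t residue_after(size_t len, size_t burn)
{
    unsigned char *saved = sp;
    if ((size_t)(sp - bot) < len) return (size_t)-1;  /* arena exhausted */
    sp -= len;                   /* allocate downward */
    memset(sp, 0xA5, len);       /* constructed secret bytes */
    sp = saved;                  /* "free": nothing is overwritten */
    burn_below(burn);
    return residue();
}

int main(void)
{
    size_t none = residue_after(3000, 0);
    size_t half = residue_after(3000, ARENA_SIZE / 2);
    size_t all = residue_after(3000, ARENA_SIZE);
    printf("residue: none %zu, half %zu, all %zu\n", none, half, all);
    return 0;
}
```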